QUESTION 21
Refer to the exhibit. Which two statements about the given IPv6 ZBF configuration are true? (Choose two)

A. It provides backward compatibility with legacy IPv6 inspection.
B. It inspects TCP, UDP, ICMP and FTP traffic from Z1 to Z2.
C. It inspects TCP, UDP, ICMP and FTP traffic from Z2 to Z1.
D. It inspects TCP, UDP, ICMP and FTP traffic in both directions between Z1 and Z2.
E. It passes TCP, UDP, ICMP and FTP traffic from Z1 to Z2.
F. It provides backward compatibility with legacy IPv4 inspection.

QUESTION 25
What are the two mechanisms that are used to authenticate OSPFv3 packets? (Choose two)

A. MD5
B. ESP
C. PLAIN TEXT
D. AH
E. SHA

Answer: BD

QUESTION 26
You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

(A) You need two customer contexts, named contextA and contextB.
(B) Allocate interfaces G0/0 and G0/1 to contextA.
(C) Allocate interfaces G0/0 and G0/2 to contextB.
(D) The physical interface name for G0/1 within contextA should be "inside".
(E) All other context interfaces must be viewable via their physical interface names.

If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

A. It is VPN client software that works over the SSL protocol.
B. It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.
C. It operates as an NAC agent when it is configured with the AnyConnect VPN client.
D. It is deployed on endpoints to route HTTP traffic to ScanSafe.

Answer: D

QUESTION 28
Which two statements about the SeND protocol are true? (Choose two)

A. It uses IPsec as a baseline mechanism.
B. It supports an autoconfiguration mechanism.
C. It must be enabled before you can configure IPv6 addresses.
D. It supports numerous custom neighbor discovery messages.
E. It counters neighbor discovery threats.
F. It logs IPv6-related threats to an external log server.

2017 October Cisco Official New Released 400-251 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

We never believe in second chances, and Lead2pass brings you the best 400-251 Exam Questions, which will make you pass on the first attempt. We guarantee all questions and answers in our 400-251 Dumps are the latest released; we check all exam dump questions from time to time according to the Cisco Official Center to guarantee you can read the latest questions!

QUESTION 426
Refer to the exhibit. Which two statements about a device with this configuration are true? (Choose two)

A. When a peer re-establishes a previous connection to the device, CTS retains all existing SGT mapping entries for 3 minutes.
B. If a peer reconnects to the device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timer starts.
C. If a peer re-establishes a connection to the device before the hold-down timer expires, the device retains the SGT mapping entries it learned during the previous connection for an additional 3 minutes.
D. It sets the internal hold-down timer of the device to 3 minutes.
E. When a peer establishes a new connection to the device, CTS retains all existing SGT mapping entries for 3 minutes.
F. If a peer reconnects to the device within 180 seconds of terminating a CTS-SXP connection, the reconciliation timer starts.

A. The access layer switch is the policy enforcement point.
B. The certificates that are used in the client-server authentication process are stored on the access switch.
C. The RADIUS server is the policy enforcement point.
D. The RADIUS server is the policy information point.
E. The RADIUS server is the policy decision point.
F. An LDAP server can serve as the policy enforcement point.

A. It configures a hub router to automatically add spoke routers to the multicast replication list of the hub.
B. It enables a GRE tunnel to operate without the IPsec peer or crypto ACLs.
C. It enables a GRE tunnel to dynamically update the routing tables on the devices at each end of the tunnel.
D. It configures a hub router to reflect the routes it learns from a spoke back to other spokes through the same interface.


We offer the most current and best training materials for the 400-251 certification: Q&A, Practice Software, Study Packs, Preparation Labs and Audio Training. Our online certification training offers you a quick and cost-efficient way to train and become a certified professional in the IT industry.

A. Identifying critical services and network vulnerabilities and determining the potential impact of their compromise or failure.
B. Investigating reports of data theft or security breaches and assigning responsibility.
C. Terminating any employee believed to be responsible for compromising security.
D. Evaluating the effectiveness and appropriateness of the organization's current risk-management activities.
E. Establishing a security team to perform forensic examinations of previous known attacks.

Answer: A

QUESTION 327
What command can you use to display the number of malformed messages received by a DHCP server?

QUESTION 335
Refer to the exhibit. You have configured an NDAC seed switch as shown, but the switch is failing to allow other switches to securely join the domain. What command must you add to the seed switch's configuration to enable secure RADIUS communication?

QUESTION 336
Refer to the exhibit. What is the effect of the given command?

A. It enables CoPP on the FastEthernet 0/0 interface for SSH and SNMP management traffic.
B. It enables MPP on the FastEthernet 0/0 interface for SSH and SNMP management traffic and CoPP for all other protocols.
C. It enables MPP on the FastEthernet 0/0 interface, allowing only SSH and SNMP management traffic.
D. It enables QoS policing on the control plane of the FastEthernet 0/0 interface.
E. It enables MPP on the FastEthernet 0/0 interface by enforcing rate-limiting for SSH and SNMP management traffic.

Answer: C

QUESTION 337
Which two statements about SCEP are true? (Choose two)

A. CA servers must support GetCACaps response messages in order to implement extended functionality.
B. The GetCRL exchange is signed and encrypted only in the response direction.
C. It is vulnerable to downgrade attacks on its cryptographic capabilities.
D. The GetCert exchange is signed and encrypted only in the response direction.
E. The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm.

Answer: AC

QUESTION 338
Which two events can cause a failover event on an active/standby setup? (Choose two.)

QUESTION 339
Which two statements about the MACsec security protocol are true? (Choose two.)

A. Stations broadcast an MKA heartbeat that contains the key server priority.
B. The SAK is secured by 128-bit AES-GCM by default.
C. When switch-to-switch link security is configured in manual mode, the SAP operation mode must be set to GCM.
D. MACsec is not supported in MDA mode.
E. MKA heartbeats are sent at a default interval of 3 seconds.

A. It can summarize discontiguous IP addresses.
B. It can easily be added to existing networks.
C. It can increase the convergence of the network.
D. It reduces the number of routes.
E. It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable.

Answer: DE

QUESTION 341
Refer to the exhibit. Which meaning of this error message on a Cisco ASA is true?

A. The route map redistribution is configured incorrectly.
B. The default route is undefined.
C. A packet was denied and dropped by an ACL.
D. The host is connected directly to the firewall.

Answer: B

QUESTION 342
Which two statements about uRPF are true? (Choose two.)

A. The administrator can configure the allow-default command to force the routing table to use only the default route.
B. It is not supported on the Cisco ASA security appliance.
C. The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work routing groups.
D. The administrator can use the show cef interface command to determine whether uRPF is enabled.
E. In strict mode, only one routing path can be available to reach network devices on a subnet.

QUESTION 344
Refer to the exhibit. A user authenticates to the NAS, which communicates to the TACACS+ server authentication. The TACACS+ server then accesses the Active Directory server through the ASA firewall to validate the user credentials. Which protocol-port pair must be allowed access through the ASA firewall?

QUESTION 345
Which WEP configuration can be exploited by a weak IV attack?

A. When the static WEP password has been stored without encryption
B. When a per-packet WEP key is in use
C. When a 64-bit key is in use
D. When the static WEP password has been given away
E. When a 40-bit key is in use
F. When the same WEP key is used to create every pack

A. It requires DNS packet inspection to be enabled to filter domain names in the dynamic database.
B. It requires the Cisco ASA DNS server to perform DNS lookups.
C. It can inspect both IPv4 and IPv6 traffic.
D. It can log and block suspicious connections from previously unknown bad domains and IP addresses.
E. It checks inbound traffic only.
F. It checks inbound and outbound traffic.

Answer: AF

QUESTION 347
Which three statements about SXP are true? (Choose three)

A. It resides in the control plane, where connections can be initiated from a listener.
B. Packets can be tagged with SGTs only with hardware support.
C. Each VRF supports only one CTS-SXP connection.
D. To enable an access device to use IP device tracking to learn source device IP addresses, DHCP snooping must be configured.
E. The SGA ZBPF uses the SGT to apply forwarding decisions.
F. Separate VRFs require different CTS-SXP peers, but they can use the same source IP addresses.

Answer: BCE

QUESTION 348
Which file extensions are supported on the Firesight Management Center 3.1 file policies that can be analyzed dynamically using the Threat Grid Sandbox integration?

A. It sets the certificate enrollment method.
B. It retrieves and authenticates a CA certificate.
C. It configures a CA trust point.
D. It displays the current CA certificate.

Answer: B

The strength of our 400-251 dumps is the constant updating that we perform to keep abreast of market trends and changes. Our 400-251 exam questions are not only the best option for certification but also enhance your skills to an advanced level.


As a professional IT exam study material provider, Lead2pass gives you more than just 400-251 exam questions and answers. We provide our customers with the most accurate study material about the 400-251 exam and a guarantee of passing. We assist you in preparing for the 400-251 certification, which is regarded as valuable in the IT sector.

QUESTION 301
Which of the following two statements apply to EAP-FAST? (Choose two.)

A. EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed.
B. EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i.
C. EAP-FAST provides protection from authentication forging and packet forgery (replay attack).
D. EAP-FAST is a client/client security architecture.


I was recommended by one of my friends; he used the Lead2pass 400-251 dumps and said they are helpful. He was right! I passed my Cisco 400-251 exam yesterday. I was lucky: all my questions in the exam were from the Lead2pass dumps.

QUESTION 276
Refer to the exhibit. Which effect of this command is true?

A. The current public key of the router is deleted from the cache when the router reboots, and the router generates a new one.
B. The CA revokes the public key certificate of the router.
C. The public key of the remote peer is deleted from the router cache.
D. The router immediately deletes its current public key from the cache and generates a new one.
E. The router sends a request to the CA to delete the router certificate from its configuration.

2017 August Cisco Official New Released 400-251 Dumps in Lead2pass.com!


This dump is valid for passing the Cisco 400-251 exam, but don't just memorize the answers; you need a thorough understanding of them because the questions changed a little in the real exam. The material is to supplement your studies.


I have studied the 400-251 study guide and all questions were very authentic. I passed my 400-251 exam with good grades. I am very happy now. I will definitely be back for more exam dumps. I settled well in my career with the help of Lead2pass.com. Thanks also, guys. Hurry!!!!